Category:OWASP Top Ten Controls Project

Revision as of 20:43, 16 January 2013 by Jmanico (Talk | contribs)

Jump to: navigation, search


This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.

This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.

OWASP Top Ten Proactive Controls

These controls may include:

  1. Query Parameterization per
  2. Hashed, Salted and Stretched Password Storage per
  3. Output Encoding per
  4. Forgot Password Workflow per
  5. Content Security Policy
  6. Secure JSON Parsing
  7. Input Validation per
  8. Transport Layer Security
  9. Access Control Design
  10. Virtual Patching

Others to consider

  1. Re-authentication (authenticating individual transactions)
  2. CSRF Tokens
  3. Framebusting
  4. Defense to prevent

Glossary of Terms


This category currently contains no pages or media.